~ Rapport de ZHPDiag v2014.1.2.5 - Nicolas Coolman (02/01/2014)
~ Lancé par Mag (03/01/2014 11:11:11)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Not Found

---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.6001.18702
GCIE: Google Chrome v31.0.1650.63 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ Logiciels de protection du système
Avira Free Antivirus v14.0.2.286
Microsoft Security Client v4.4.0304.0

---\\ Logiciels d'optimisation du système
CCleaner v4.01 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 ActiveX
Adobe Reader XI
Java 7 Update 45

---\\ Informations sur le système
~ Processor: x86 Family 15 Model 95 Stepping 2, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1022 MB (27% free)
System Restore: Désactivé (Disabled)
System drive C: has 16 GB (20%) free of 75 GB

---\\ Mode de connexion au système
~ Computer Name: HP
~ User Name: Mag
~ All Users Names: SUPPORT_388945a0, Mag, HelpAssistant, fbwuser, ASPNET, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\Mag\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\Mag\Application Data\
~ %Desktop% : C:\Documents and Settings\Mag\Bureau\
~ %Favorites% : C:\Documents and Settings\Mag\Favoris\
~ %LocalAppData% : C:\Documents and Settings\Mag\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\Mag\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~
%System% : C:\WINDOWS\system32\ ---\\ Enumération des unités disques C: Hard drive, Flash drive, Thumb drive (Free 16 Go of 75 Go) D: CD-ROM drive (Free 0 Go of 1 Go) ---\\ Etat du Centre de Sécurité Windows ~ Security Center: 38 Legitimates Filtered in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 - 04:00:00.) -- C:\WINDOWS\Explorer.exe [1037824] [MD5.897CA9DA6F568E24549719D5676385A1] - (.Microsoft Corporation - Internet Extensions for Win32.) (.29/10/2013 - 08:57:02.) -- C:\WINDOWS\system32\wininet.dll [920064] [MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 - 04:00:00.) -- C:\WINDOWS\system32\Winlogon.exe [512000] [MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496] [MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.14/04/2008 - 04:00:00.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512] [MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/04/2008 - 04:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744] [MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/04/2008 - 04:00:00.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976] [MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.14/04/2008 - 04:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672] [MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.14/04/2008 - 04:00:00.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384] [MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.14/04/2008 - 04:00:00.) 
-- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144] [MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.14/04/2008 - 04:00:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112] [MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.14/04/2008 - 04:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832] [MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.14/04/2008 - 04:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264] [MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320] [MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.14/04/2008 - 04:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816] [MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.14/04/2008 - 04:00:00.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976] [MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/04/2008 - 04:00:00.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384] [MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/04/2008 - 04:00:00.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328] [MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 10:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224] [MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.13/04/2008 - 19:57:36.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752] [MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/04/2008 - 04:00:00.) 
-- C:\WINDOWS\system32\Drivers\volsnap.sys [53376] ~ Generic Processes: Scanned in 00mn 02s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 2/101 ~ Mes musiques (My Musics) : 1/2 ~ Mes Favoris (My Favorites) : 1/10 ~ Mes Documents (My Documents) : 1/4555 ~ Mon Bureau (My Desktop) : 0/32 ~ Menu demarrer (Programs) : 1/50 ~ Hidden Files: Scanned in 00mn 02s ---\\ Processus lancés [MD5.471087B5E1E01CC82604E81EA14781D8] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\WINDOWS\system32\Ati2evxx.exe [602112] [PID.1132] [MD5.B0F49DA36F30922F5DDC3B623B778FCE] - (.Microsoft Corporation - Antimalware Service Executable.) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208] [PID.1616] [MD5.FE79366FECD444A16CCA9979134DBEA8] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376] [PID.644] [MD5.7315846D5D2BC82C37E27E82767F7DB5] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe [16871936] [PID.1376] [MD5.A115E3540E9406551FD82DC9BD485F0F] - (.Pas de propriétaire - VProtect Application (Official).) -- C:\Program Files\AVG Secure Search\vprot.exe [2471448] [PID.1392] =>Toolbar.AVGSearch [MD5.DD231039B13EC2ABDE315D76E658EF0E] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600] [PID.1436] [MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [254336] [PID.1444] [MD5.B5E3681782D33159AF28CFE2E0E3B9B2] - (.LogMeIn Inc. - Hamachi Client Application.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [3806544] [PID.1480] [MD5.10E89F598469C60D8C87A8218089A87D] - (.Akamai Technologies, Inc. - Akamai NetSession Client.) 
-- C:\Documents and Settings\Mag\Local Settings\Application Data\Akamai\netsession_win.exe [4489472] [PID.1548] [MD5.FDE9C7030FB1E9E2715E113EE6A10F90] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376] [PID.2024] [MD5.D05CBA17A699CE86DDB100DF4F348E57] - (...) -- C:\Program Files\VirtuaWin\modules\WinList.exe [14848] [PID.2420] [MD5.FA5A8C83E3683A0A811F8C8CA9D0D9CC] - (.Broadcom Corporation - Broadcom Management Agent.) -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [130560] [PID.2832] [MD5.80A79264302910C7C24BA7E44267EFEF] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe [182696] [PID.4008] [MD5.E7BF96BC4C766C2A30D0733CBFEEC438] - (.LogMeIn, Inc. - LMIGuardianSvc.) -- C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [375056] [PID.2124] [MD5.11F714F85530A2BD134074DC30E99FCA] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.exe [322120] [PID.3016] [MD5.7799159965530D17BBA17AEBD6B87079] - (.diamondata - diamondata.) -- C:\Program Files\diamondata\updatediamondata.exe [65312] [PID.3304] =>Hijacker.Diamondata [MD5.7799159965530D17BBA17AEBD6B87079] - (.diamondata - diamondata.) -- C:\Program Files\diamondata\bin\utildiamondata.exe [65312] [PID.3680] =>Hijacker.Diamondata [MD5.FC449AC1571F39B961CF401FA6C55F47] - (.AVG Secure Search - ToolbarU Application (Official).) -- C:\Program Files\Fichiers communs\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [1771544] [PID.3760] =>Toolbar.AVGSearch [MD5.D0C526C8D8F165643B4A796FC4D870AE] - (.LogMeIn Inc. - Hamachi Client Tunneling Engine.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1664336] [PID.4020] [MD5.B793814D30EECA059C49004234DF41B8] - (.Pas de propriétaire - loggings Application.) 
-- C:\Program Files\Fichiers communs\AVG Secure Search\vToolbarUpdater\17.2.0\loggingserver.exe [159768] [PID.2196] =>Toolbar.AVGSearch [MD5.6F1E9AB820B3DD8BD38C0190A206205D] - (.Avira Operations GmbH & Co. KG - AntiVir shadow copy service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [431672] [PID.2820] [MD5.E894DEAC708A623AB732CAEC2F7815B2] - (.VirtuaWin - VirtuaWin v4.4.) -- C:\Program Files\VirtuaWin\VirtuaWin.exe [140288] [PID.416] [MD5.0DAD93BB0FECF5016AE3C06CBB0A873B] - (.Microsoft Corporation - COM Surrogate.) -- C:\WINDOWS\system32\dllhost.exe [5120] [PID.2004] [MD5.376A9B411BF8B77D5BF84B24D0C7DACD] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [863184] [PID.5700] [MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\WINDOWS\system32\wuauclt.exe [53784] [PID.5080] [MD5.486BDC196F8914845302745A15310D62] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8321024] [PID.904] ~ Processes Running: Scanned in 00mn 04s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Documents and Settings\Mag\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences G2 - GCE: Preference [User Data\Default] [alelhddbbhepgpmgidjdcjakblofbmce] Superbe capture d'\u00C3\u00A9cran : capturer et annoter v.3.5.10, (Activé) G2 - GCE: Preference [User Data\Default] [beapnbfmjmjhhfpaoajfhjbbfnnlfpnc] M\u00C3\u00A9t\u00C3\u00A9o (extension) v.0.9.0.7 (Activé) G2 - GCE: Preference [User Data\Default] [bplpjekajfkhgiboeonoamhmeojfgcol] Google v.2013.5.30.49956 (Activé) G2 - GCE: Preference [User Data\Default] [cdenlcnfdjepagejpfajlkicggieknab] Musique Chansons joueur v.1.7 (Activé) G2 - GCE: Preference [User Data\Default] [delimgmbagokgmjffmedgcafjcakbedp] Color My Facebook v.1.25.66, (Activé) =>PUP.ColorMyFacebook G2 - GCE: Preference [User Data\Default] [eooncjejnppfjjklapaamhcdmjbilmde] Delta Toolbar v.1.4 (Désactivé) =>Toolbar.DeltaSearch G2 - 
GCE: Preference [User Data\Default] [foikbdpmdilfgdehieajngjldkdclejb] eBay.fr v.1.1 (Activé) =>Toolbar.eBay G2 - GCE: Preference [User Data\Default] [glmjnpljfjjjigfgjmjfhkebhekjcmhi] Doodle Jump v.1.0 (Activé) G2 - GCE: Preference [User Data\Default] [hendmekoldfacfhlojkjcnbjegkahclb] diamondata v.1.0.0 (Désactivé) =>Hijacker.Diamondata G2 - GCE: Preference [User Data\Default] [hihcjeppebpkkjhcdpbomdbmdpomhkmo] Youtube Video Downloader (Multiformat) v.2.2 (Désactivé) G2 - GCE: Preference [User Data\Default] [kbblglodjkijioefjpbilkmmchdabdmj] http://www.streamiz-filmze.com/tags/Films+COM v.2013.8.24.62038 (Activé) G2 - GCE: Preference [User Data\Default] [lffebcpgjecadnkcmdcgklbnphfdjbck] Oweb Voice Input v.35 (Activé) G2 - GCE: Preference [User Data\Default] [mdbpdfnmelhlgpkcmddpldbckonnmele] You Tube v.2013.5.15.50316 (Activé) G2 - GCE: Preference [User Data\Default] [mmiopbgcekanlhpjkonogoljpfmhpkhf] Lyrics-Pal v.1.125 (Désactivé) =>Adware.AddLyrics G2 - GCE: Preference [User Data\Default] [ndibdjnfmopecpmkdieinmbadjfpblof] AVG Security Toolbar v.15.3.0.11 (Désactivé) =>Toolbar.AVGSearch G2 - GCE: Preference [User Data\Default] [ngbcgifdaopbfflfhbcfeomijfbbcadi] Downloads v. () G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google\u00C2 Wallet v.0.0.6.0 (Activé) G2 - GCE: Preference [User Data\Default] [pdjjgkekanafjglppmmpfngdnhiaccgm] UNO 3 3D v.1.0.0 (Activé) ~ Google Browser: 30 Legitimates Filtered in 00mn 13s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) P2 - FPN: [HKLM] [@ngm.nexoneu.com/NxGame] - (...) -- C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\npNxGameEU.dll (.not file.) P2 - FPN: [HKLM] [@pandonetworks.com/PandoWebPlugin] - (...) -- C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (.not file.) 
~ Firefox Browser: 13 Legitimates Filtered in 00mn 02s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com ~ IE Browser: 14 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl" ~ Keys: Scanned in 00mn 00s ---\\ Hosts file redirection (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 20 ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: (no name) - [HKLM]{95B7759C-8C7F-4BF1-B163-73684A933233} Clé orpheline O3 - Toolbar: (no name) - [HKLM]{D4027C7F-154A-4066-A1AD-4243D8127440} Clé orpheline O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Clé orpheline O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Clé orpheline O3 - Toolbar\WebBrowser: (no name) - [HKCU]{D4027C7F-154A-4066-A1AD-4243D8127440} Clé orpheline ~ Toolbar: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Program [AllUsers]: Calculatrice.lnk . 
(.Microsoft Corporation - Application Calculatrice de Windows.) -- C:\WINDOWS\system32\calc.exe =>.Microsoft Corporation O4 - GS\Program [AllUsers]: Configurer les programmes par défaut.lnk . (.Microsoft Corporation - Panneau de configuration Windows.) -- C:\WINDOWS\system32\control.exe O4 - GS\Program [AllUsers]: Windows Messenger.lnk . (...) -- C:\Program Files\Messenger\msmsgs.exe (.not file.) O4 - GS\Program [Mag]: GoforFiles.lnk . (...) -- C:\Program Files\GoforFiles\GoforFiles.exe (.not file.) =>P2P.GoforFiles O4 - GS\Program [Mag]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Program [Mag]: Lecteur Windows Media.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe =>.Microsoft Corporation O4 - GS\Program [Mag]: Raccourci vers 1.5.2.lnk . (...) -- C:\Documents and Settings\Mag\Mes documents\tous\jeux\serveur\normal\1.5.2 (.not file.) O4 - GS\Program [Mag]: RocketDock.exe.lnk . (...) -- C:\Program Files\CustoPackTools\utils\RocketDock\RocketDock.exe (.not file.) ~ Global Startup: 16 Legitimates Filtered in 00mn 03s ---\\ Applications lancées au démarrage du sytème (O4) O4 - GS\Program [AllUsers]: VirtuaWin.lnk . (.VirtuaWin - VirtuaWin v4.4.) -- C:\Program Files\VirtuaWin\VirtuaWin.exe O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe =>.Realtek Semiconductor Corp O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated O4 - HKLM\..\Run: [vProt] . (.Pas de propriétaire - VProtect Application (Official).) -- C:\Program Files\AVG Secure Search\vprot.exe =>Toolbar.AVGSearch O4 - HKLM\..\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) 
-- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe =>.Oracle Corporation O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] . (.LogMeIn Inc. - Hamachi Client Application.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe O4 - HKLM\..\Run: [GB_UPDATE] . (...) -- C:\Program Files\Razer\Razer Game Booster\AutoUpdate.exe O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Documents and Settings\Mag\Local Settings\Application Data\Akamai\netsession_win.exe O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Documents and Settings\Mag\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A. O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe O4 - HKUS\S-1-5-21-484763869-299502267-1417001333-1003\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) 
-- C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-21-484763869-299502267-1417001333-1003\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Documents and Settings\Mag\Local Settings\Application Data\Akamai\netsession_win.exe O4 - HKUS\S-1-5-21-484763869-299502267-1417001333-1003\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Documents and Settings\Mag\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe O4 - HKUS\S-1-5-21-484763869-299502267-1417001333-1003\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A. ~ Application: Scanned in 00mn 03s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office 2003\OFFICE11\REFBARH.ICO O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Clé orpheline O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -- C:\Program Files\Messenger\msmsgs.exe (.not file.) 
~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{B07E87F6-13E4-4CBF-AC7E-02F53156B21D}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\..\{B07E87F6-13E4-4CBF-AC7E-02F53156B21D}: DhcpDomain = lan O17 - HKLM\System\CS1\Services\Tcpip\..\{B07E87F6-13E4-4CBF-AC7E-02F53156B21D}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CS1\Services\Tcpip\..\{B07E87F6-13E4-4CBF-AC7E-02F53156B21D}: DhcpDomain = lan O17 - HKLM\System\CS2\Services\Tcpip\..\{B07E87F6-13E4-4CBF-AC7E-02F53156B21D}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CS2\Services\Tcpip\..\{B07E87F6-13E4-4CBF-AC7E-02F53156B21D}: DhcpDomain = lan O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\WINDOWS\system32\Ati2evxx.dll O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) 
-- C:\WINDOWS\system32\dimsntfy.dll O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notifications Windows Genuine Advantage.) -- C:\WINDOWS\system32\WgaLogon.dll O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll ~ Winlogon: Scanned in 00mn 01s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: Update diamondata (Update diamondata) . (.diamondata - diamondata.) - C:\Program Files\diamondata\updatediamondata.exe =>Hijacker.Diamondata O23 - Service: Util diamondata (Util diamondata) . (.diamondata - diamondata.) - C:\Program Files\diamondata\bin\utildiamondata.exe =>Hijacker.Diamondata O23 - Service: (vToolbarUpdater17.2.0) . (.AVG Secure Search - ToolbarU Application (Official).) - C:\Program Files\Fichiers communs\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe =>Toolbar.AVGSearch ~ Services: 13 Legitimates Filtered in 00mn 05s ---\\ Enumération Active Desktop & MHTML Editor (O24) O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\Mag\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop General: WallPaper - .(...) 
- C:\Documents and Settings\Mag\Local Settings\Application Data\Microsoft\Wallpaper1.bmp ~ Desktop Component: 4 Legitimates Filtered in 00mn 00s ---\\ Tâches planifiées en automatique (O39) O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoforFilesUpdate.job [282] =>P2P.GoforFiles [MD5.00000000000000000000000000000000] [APT] [GoforFilesUpdate] (...) -- C:\Program Files\GoforFiles\GFFUpdater.exe (.not file.) [0] =>P2P.GoforFiles ~ Scheduled Task: 24 Legitimates Filtered in 00mn 00s ---\\ Pilotes lancés au démarrage du système (O41) O41 - Driver: (prodrv06) . (.Protection Technology - StarForce Protection Environment Driver.) - C:\WINDOWS\system32\drivers\prodrv06.sys O41 - Driver: (dtsoftbus01) . (. - .) - C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys (.not file.) ~ Drivers: 81 Legitimates Filtered in 00mn 01s ---\\ Logiciels installés (O42) O42 - Logiciel: American McGee presents Scrapland - (...) [HKLM] -- {20D9C678-A895-4F76-8AC2-22EDFF5F9C91} O42 - Logiciel: Snookiz - patch config.xml - (...) [HKCU] -- Snookiz - patch config.xml O42 - Logiciel: diamondata 3.0.0 - (.diamondata.) 
[HKLM] -- diamondata =>Hijacker.Diamondata ~ Logic: 23 Legitimates Filtered in 00mn 01s ---\\ HKCU & HKLM Software Keys [HKCU\Software\APN] [HKCU\Software\Ask.com] [HKCU\Software\BI] [HKCU\Software\BabSolution] =>Hijacker.BabSolution [HKCU\Software\Color My Googl] [HKCU\Software\Conduit] =>Toolbar.Conduit [HKCU\Software\Crossrider] =>PUP.CrossRider [HKCU\Software\DC3_FEXEC] =>Trojan.Fynloski [HKCU\Software\DataMngr] =>PUP.Datamngr [HKCU\Software\Softonic] =>Toolbar.Conduit [HKCU\Software\Windows Firewall] [HKCU\Software\diamondata] =>Hijacker.Diamondata [HKCU\Software\lollipop] =>Adware.Lollipop [HKLM\Software\APN] [HKLM\Software\Babylon] =>PUP.Babylon [HKLM\Software\Conduit] =>Toolbar.Conduit [HKLM\Software\DataMngr] =>PUP.Datamngr [HKLM\Software\Iminent] =>Adware.IMBooster [HKLM\Software\Vittalia] =>PUP.Vittalia ~ Key Software: 325 Legitimates Filtered in 00mn 01s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 20/12/2013 - 17:13:03 - [3,597] ----D C:\Program Files\diamondata =>Hijacker.Diamondata O43 - CFD: 01/01/2014 - 19:15:27 - [0] ----D C:\Program Files\Pando Networks O43 - CFD: 02/01/2014 - 16:31:47 - [123,978] ----D C:\Program Files\TeamThecraft O43 - CFD: 27/08/2013 - 19:24:41 - [0] ----D C:\Documents and Settings\All Users\Application Data\APN O43 - CFD: 05/06/2013 - 10:29:22 - [0] ----D C:\Documents and Settings\All Users\Application Data\FogelSoft O43 - CFD: 17/05/2013 - 19:16:59 - [1,066] ----D C:\Documents and Settings\All Users\Application Data\InstallMate O43 - CFD: 05/06/2013 - 10:18:51 - [0] ----D C:\Documents and Settings\Mag\Application Data\FogelSoft O43 - CFD: 26/07/2013 - 06:58:00 - [0] ----D C:\Documents and Settings\Mag\Local Settings\Application Data\Lollipop =>Adware.Lollipop O43 - CFD: 26/07/2013 - 08:45:40 - [0,197] ----D C:\Documents and Settings\Mag\Local Settings\Application Data\Updater23606 =>PUP.CrossRider O43 - CFD: 05/05/2013 - 12:50:15 - [0,013] R---D C:\Documents and Settings\Mag\Menu 
Démarrer\Programmes\Jeux O43 - CFD: 08/09/2013 - 12:41:05 - [0,001] ----D C:\Documents and Settings\Mag\Menu Démarrer\Programmes\Snookiz - patch config.xml ~ Program Folder: 186 Legitimates Filtered in 00mn 36s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.0F5769D4C03763553D658404FDB2563A] - 02/01/2014 - 14:51:39 ---A- . (...) -- C:\autoupdate.log [1050] O44 - LFC:[MD5.F329A26A5D860F7F3EE1E01AE35F6BDB] - 02/01/2014 - 16:24:27 ---A- . (...) -- C:\WINDOWS\msmqinst.log [11656] O44 - LFC:[MD5.94F527A05FDD80646999601703121EF4] - 02/01/2014 - 16:24:28 ---A- . (...) -- C:\WINDOWS\netfxocm.log [1868] O44 - LFC:[MD5.07AC860A876803BA21ED534948E33F66] - 02/01/2014 - 16:25:00 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [13534] O44 - LFC:[MD5.32B7683CFE1741B7571A08F436676635] - 02/01/2014 - 16:25:00 ---A- . (...) -- C:\WINDOWS\MedCtrOC.log [1061] O44 - LFC:[MD5.2ACA95D41DAD0EB1E64643E525EDD98F] - 02/01/2014 - 16:25:00 ---A- . (...) -- C:\WINDOWS\comsetup.log [4179] O44 - LFC:[MD5.44A39A2A823C6807306719A2415E1EEC] - 02/01/2014 - 16:25:00 ---A- . (...) -- C:\WINDOWS\iis6.log [33766] O44 - LFC:[MD5.6EF77D167A838386DAEB3303298F6B99] - 02/01/2014 - 16:25:00 ---A- . (...) -- C:\WINDOWS\imsins.log [5301] O44 - LFC:[MD5.3A94651AF7B76192CFA20680048D4CDD] - 02/01/2014 - 16:25:00 ---A- . (...) -- C:\WINDOWS\msgsocm.log [737] O44 - LFC:[MD5.863666DC6FB0DBDE8057DDCE39614FE7] - 02/01/2014 - 16:25:00 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [3620] O44 - LFC:[MD5.9F9FD84E565FA31F9F64F8757EEF02B9] - 02/01/2014 - 16:25:00 ---A- . (...) -- C:\WINDOWS\ocgen.log [11312] O44 - LFC:[MD5.BE0463BBAA99544042A3264A6FF86DD9] - 02/01/2014 - 16:25:00 ---A- . (...) -- C:\WINDOWS\ocmsn.log [745] O44 - LFC:[MD5.33E9A94CF1FEB188E56D3E953856A90C] - 02/01/2014 - 16:25:00 ---A- . (...) -- C:\WINDOWS\tabletoc.log [311] O44 - LFC:[MD5.7FA18B3058F71BF9150FAD2999C9EB51] - 02/01/2014 - 16:25:00 ---A- . (...) 
-- C:\WINDOWS\tsoc.log [7154] ~ Files: 25 Legitimates Filtered in 03mn 21s ---\\ Opérations et fonctions au démarrage de Windows Explorer (O46) O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll ~ ShellExecuteHooks: Scanned in 00mn 00s ---\\ Export de clé d'application autorisée (O47) O47 - AAKE:Key Export SP - "C:\Documents and Settings\Mag\Bureau\super smash bros crusade\SSBC084.exe" [Enabled] .(...) -- C:\Documents and Settings\Mag\Bureau\super smash bros crusade\SSBC084.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Documents and Settings\Mag\Bureau\super smash bros\SSBC084.exe" [Enabled] .(...) -- C:\Documents and Settings\Mag\Bureau\super smash bros\SSBC084.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Program Files\AssaultCube_v1.1.0.4\bin_win32\ac_server.exe" [Enabled] .(...) -- C:\Program Files\AssaultCube_v1.1.0.4\bin_win32\ac_server.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Documents and Settings\Mag\Mes documents\Downloads\Garrys.Mod.13.v153\Garry's Mod\hl2.exe" [Enabled] .(...) -- C:\Documents and Settings\Mag\Mes documents\Downloads\Garrys.Mod.13.v153\Garry's Mod\hl2.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Program Files\Counter-Strike\hl.exe" [Enabled] .(...) -- C:\Program Files\Counter-Strike\hl.exe (.not file.) O47 - AAKE:Key Export SP - "C:\BrawlBustersDownloader\BBDownLoader.exe" [Enabled] .(...) -- C:\BrawlBustersDownloader\BBDownLoader.exe (.not file.) O47 - AAKE:Key Export SP - "c:\BrickForce\BfLauncher.exe" [Enabled] .(...) -- c:\BrickForce\BfLauncher.exe (.not file.) O47 - AAKE:Key Export SP - "c:\BrickForce\BrickForce.exe" [Enabled] .(...) -- c:\BrickForce\BrickForce.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Program Files\Heroes of Newerth\hon.exe" [Enabled] .(...) -- C:\Program Files\Heroes of Newerth\hon.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Program Files\Brawl Busters\bin\PbLauncher.exe" [Enabled] .(...) 
-- C:\Program Files\Brawl Busters\bin\PbLauncher.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Program Files\Brawl Busters\bin\pbclient.exe" [Enabled] .(...) -- C:\Program Files\Brawl Busters\bin\pbclient.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Documents and Settings\Mag\Mes documents\games\super smash bros crusade\SSBC084.exe" [Enabled] .(...) -- C:\Documents and Settings\Mag\Mes documents\games\super smash bros crusade\SSBC084.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Program Files\RomStation\NetPlay\Emulation\csMESS\csmess.exe" [Enabled] .(...) -- C:\Program Files\RomStation\NetPlay\Emulation\csMESS\csmess.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Program Files\RomStation\NetPlay\Emulation\csMAME\csmame.exe" [Enabled] .(...) -- C:\Program Files\RomStation\NetPlay\Emulation\csMAME\csmame.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Program Files\Valve\hl.exe" [Enabled] .(...) -- C:\Program Files\Valve\hl.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Program Files\Enlight\Scrapland\Bin\Scrap.exe" [Enabled] .(.Pas de propriétaire.) -- C:\Program Files\Enlight\Scrapland\Bin\Scrap.exe O47 - AAKE:Key Export SP - "C:\Documents and Settings\Mag\Bureau\warsow\warsow.exe" [Enabled] .(...) -- C:\Documents and Settings\Mag\Bureau\warsow\warsow.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Documents and Settings\Mag\Bureau\serveur gta sa\samp-server.exe" [Enabled] .(...) -- C:\Documents and Settings\Mag\Bureau\serveur gta sa\samp-server.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Program Files\Saints Row The Third\saintsrowthethird.exe" [Enabled] .(...) -- C:\Program Files\Saints Row The Third\saintsrowthethird.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Program Files\Saints Row The Third\Saints Row the Third.exe" [Enabled] .(...) -- C:\Program Files\Saints Row The Third\Saints Row the Third.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Program Files\Star wars Battlefront II\GameData\BattlefrontII.exe" [Enabled] .(...) 
-- C:\Program Files\Star wars Battlefront II\GameData\BattlefrontII.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Program Files\Counter-Strike\hlds.exe" [Enabled] .(...) -- C:\Program Files\Counter-Strike\hlds.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Documents and Settings\Mag\Bureau\UrbanTerror42\Quake3-UrT.exe" [Enabled] .(...) -- C:\Documents and Settings\Mag\Bureau\UrbanTerror42\Quake3-UrT.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Documents and Settings\Mag\Mes documents\UrbanTerror42\Quake3-UrT.exe" [Enabled] .(...) -- C:\Documents and Settings\Mag\Mes documents\UrbanTerror42\Quake3-UrT.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Program Files\RomStation\Games\PC\Minetest - 35194\bin\minetest.exe" [Enabled] .(...) -- C:\Program Files\RomStation\Games\PC\Minetest - 35194\bin\minetest.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Program Files\RomStation\Games\PC\Super Smash Bros. Crusade - 35284\SSBC084.exe" [Enabled] .(...) -- C:\Program Files\RomStation\Games\PC\Super Smash Bros. Crusade - 35284\SSBC084.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Program Files\GoforFiles\goforfilesdl.exe" [Enabled] .(...) -- C:\Program Files\GoforFiles\goforfilesdl.exe (.not file.) =>P2P.GoforFiles O47 - AAKE:Key Export SP - "C:\Program Files\GoforFiles\GoforFiles.exe" [Enabled] .(...) -- C:\Program Files\GoforFiles\GoforFiles.exe (.not file.) =>P2P.GoforFiles ~ Keys Export: 53 Legitimates Filtered in 00mn 03s ---\\ Image File Execution Options (IFEO) (O50) O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d ~ IFEO: Scanned in 00mn 00s ---\\ Clé de registre Shell MountPoints2 (MPKS) (O51) O51 - MPSK:{fb124883-0bd3-11e3-91a4-001a4b484d85}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.) ~ Keys: Scanned in 00mn 00s ---\\ Liste des pilotes du système (SDL) (O58) O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 14/04/2008 - 04:00:00 ---A- . (.RAVISENT Technologies Inc. 
- Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528] O58 - SDL:[MD5.573C7D0A32852B48F3058CFD8026F511] - 14/04/2008 - 04:00:00 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384] O58 - SDL:[MD5.09921A58B4278BC16EFA91A8FE480C50] - 03/09/2004 - 18:19:07 ---A- . (.Protection Technology - StarForce Protection Environment Driver.) -- C:\WINDOWS\system32\Drivers\prodrv06.sys [54368] O58 - SDL:[MD5.97184F49AA0733F6EEA28ADA265BA8DA] - 03/09/2004 - 18:23:10 ---A- . (.Protection Technology - StarForce Protection Helper Driver.) -- C:\WINDOWS\system32\Drivers\prohlp02.sys [115680] O58 - SDL:[MD5.960BCE3ED38761B446AABAC06C76BADF] - 19/07/2004 - 15:49:54 ---A- . (.Protection Technology - StarForce Protection Synchronization Driver.) -- C:\WINDOWS\system32\Drivers\prosync1.sys [7040] O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 14/04/2008 - 04:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792] O58 - SDL:[MD5.462AEE0EA0481EA8BD45CAC876A4CCC4] - 01/12/2003 - 16:20:52 ---A- . (.Protection Technology - StarForce Protection Helper Driver.) -- C:\WINDOWS\system32\Drivers\sfhlp01.sys [4832] O58 - SDL:[MD5.A36EE93698802CD899F98BFD553D8185] - 27/08/2013 - 19:21:09 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\WINDOWS\system32\Drivers\ssmdrv.sys [28520] O58 - SDL:[MD5.5A5927C254DA9D76D66DE866E21C1058] - 14/01/2013 - 11:26:58 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\WINDOWS\system32\Drivers\tap0901.sys [31360] O58 - SDL:[MD5.FD90A16CEB10D4FDAA00AAF39B8FF58F] - 29/03/2013 - 01:52:12 ---A- . (.AnchorFree Inc - TAP-Win32 Virtual Network Driver.) -- C:\WINDOWS\system32\Drivers\taphss.sys [33512] O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 14/04/2008 - 04:00:00 ---A- . (.RAVISENT Technologies Inc. 
- CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112] O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 14/04/2008 - 04:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037] O58 - SDL:[MD5.459C0FFF8FF5EB4E8DF7E2EFDCB28DE1] - 21/05/2013 - 18:41:18 ----- . (...) -- C:\WINDOWS\system32\apf003.sys [13232] O58 - SDL:[MD5.F0B140788A70958B0AFD1556FF2E8E18] - 21/05/2013 - 18:41:18 ----- . (...) -- C:\WINDOWS\system32\apl003.sys [16304] O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 14/04/2008 - 04:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097] O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 14/04/2008 - 04:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912] O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 14/04/2008 - 04:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809] O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 14/04/2008 - 04:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537] O58 - SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] - 14/04/2008 - 04:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27916] O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 14/04/2008 - 04:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146] O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 14/04/2008 - 04:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370] O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 14/04/2008 - 04:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274] O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 14/04/2008 - 04:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146] O58 - SDL:[MD5.CAAA108FD7BF71989946B39704323455] - 14/04/2008 - 04:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [34000] O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 14/04/2008 - 04:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560] O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 14/04/2008 - 04:00:00 ---A- . (...) 
-- C:\WINDOWS\system32\ntio411.sys [35648] O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 14/04/2008 - 04:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424] O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 14/04/2008 - 04:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560] ~ Drivers: 5 Legitimates Filtered in 00mn 03s ---\\ Liste des outils de désinfection (LATC) (O63) O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman ~ ADS: Scanned in 00mn 00s ---\\ Liste les services legacy du registre (LALS) (O64) O64 - Services: CurCS - 29/11/2013 - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (AntiVirService) .(.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) - LEGACY_ANTIVIRSERVICE O64 - Services: CurCS - 03/10/2013 - C:\Program Files\diamondata\updatediamondata.exe (Update diamondata) .(.diamondata - diamondata.) - LEGACY_UPDATE_DIAMONDATA =>Hijacker.Diamondata O64 - Services: CurCS - 04/10/2013 - C:\Program Files\diamondata\bin\utildiamondata.exe (Util diamondata) .(.diamondata - diamondata.) - LEGACY_UTIL_DIAMONDATA =>Hijacker.Diamondata O64 - Services: CurCS - 05/12/2013 - C:\Program Files\Fichiers communs\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe (vToolbarUpdater17.2.0) .(.AVG Secure Search - ToolbarU Application (Official).) - LEGACY_VTOOLBARUPDATER17.2.0 =>Toolbar.AVGSearch ~ Legacy: 265 Legitimates Filtered in 00mn 01s ---\\ Associations Shell Spawning (O67) O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.) ~ FASS Keys: 10 Legitimates Filtered in 00mn 00s ---\\ Menu de démarrage Internet (SMI) (O68) O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) 
-- C:\Program Files\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69) O69 - SBI: SearchScopes [HKCU] {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} - (Conduit) - http://search.conduit.com O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - () - http://search.live.com O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Delta Search) - http://www.delta-search.com =>Toolbar.DeltaSearch ~ Keys: Scanned in 00mn 00s ---\\ Recherche particulière à la racine du système (SPRF) (O84) [MD5.494FCD1061795018107893DF77385E1A] [SPRF][06/12/2013] (...) -- C:\Documents and Settings\Mag\Bureau\Ascentia.exe [833424] [MD5.3389F0C8717E7438BFB0B03498756F27] [SPRF][02/07/2013] (...) -- C:\Documents and Settings\Mag\Bureau\Minecraft 1.6 .exe [484992] ~ Files: 2 Legitimates Filtered in 00mn 00s ---\\ Enumère les codes produits des logiciels (PUC) (O90) O90 - PUC: "A28B4D68DEBAA244EB686953B7074FEF" . (.Ask Toolbar.) -- C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe =>Toolbar.Ask ~ Update Products: 78 Legitimates Filtered in 00mn 00s ---\\ Export de clés de registre aléatoires (O91) [HKLM\Software\14919ea49a8f3b4aa3cf1058d9a64cec]:s="0" ~ Export Key Software: Scanned in 00mn 00s ---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS) [MD5.6F8577D9617E3CBC0F246919E268B1A0] [WIS][31/10/2013] (.UNKNOWN - Transformice.) -- C:\Windows\Installer\f6d9556.msi [20992] ~ WIS: 80 Legitimates Filtered in 00mn 09s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 05/05/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Auto 10/02/2010 593920 | (ATI Smart) . (...) 
- C:\WINDOWS\system32\ati2sgag.exe SS - | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe SS - | Demand 25/06/2013 140384 | (Futuremark SystemInfo Service) . (.Futuremark Corporation.) - C:\Program Files\Futuremark\SystemInfo\FMSISvc.exe SS - | Auto 15/05/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 15/05/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 25/08/2013 4868640 | (npggsvc) . (.INCA Internet Co., Ltd..) - C:\WINDOWS\system32\GameMon.des SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe SR - | Auto 19/12/2013 440376 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe SR - | Auto 29/11/2013 440376 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe SR - | Auto 11/02/2010 602112 | (Ati HotKey Poller) . (.ATI Technologies Inc..) - C:\WINDOWS\system32\Ati2evxx.exe SR - | Auto 14/01/2011 130560 | (BrcmMgmtAgent) . (.Broadcom Corporation.) - C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe SR - | Auto 29/11/2013 1664336 | (Hamachi2Svc) . (.LogMeIn Inc..) - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe SR - | Auto 08/10/2013 182696 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe SR - | Auto 11/10/2013 375056 | (LMIGuardianSvc) . (.LogMeIn, Inc..) - C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe SR - | Auto 23/10/2013 22208 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe SR - | Auto 03/10/2013 65312 | (Update diamondata) . (.diamondata.) - C:\Program Files\diamondata\updatediamondata.exe =>Hijacker.Diamondata SR - | Auto 04/10/2013 65312 | (Util diamondata) . (.diamondata.) 
- C:\Program Files\diamondata\bin\utildiamondata.exe =>Hijacker.Diamondata SR - | Auto 05/12/2013 1771544 | (vToolbarUpdater17.2.0) . (.AVG Secure Search.) - C:\Program Files\Fichiers communs\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe =>Toolbar.AVGSearch ~ Services: Scanned in 00mn 10s ---\\ Scan Additionnel (O88) Database Version : 13018 - (02/01/2014) Clés trouvées (Keys found) : 90 Valeurs trouvées (Values found) : 5 Dossiers trouvés (Folders found) : 16 Fichiers trouvés (Files found) : 12 [HKLM\Software\Google\Chrome\Extensions\delimgmbagokgmjffmedgcafjcakbedp] =>PUP.ColorMyFacebook^ [HKLM\Software\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde] =>Toolbar.DeltaSearch^ [HKLM\Software\Google\Chrome\Extensions\foikbdpmdilfgdehieajngjldkdclejb] =>Toolbar.eBay^ [HKLM\Software\Google\Chrome\Extensions\hendmekoldfacfhlojkjcnbjegkahclb] =>Hijacker.Diamondata^ [HKLM\Software\Google\Chrome\Extensions\mmiopbgcekanlhpjkonogoljpfmhpkhf] =>Adware.AddLyrics^ [HKLM\Software\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof] =>Toolbar.AVGSearch^ [HKLM\SYSTEM\CurrentControlSet\Services\Update diamondata] =>Hijacker.Diamondata^ [HKLM\SYSTEM\CurrentControlSet\Services\Util diamondata] =>Hijacker.Diamondata^ [HKLM\SYSTEM\CurrentControlSet\Services\vToolbarUpdater17.2.0] =>Toolbar.AVGSearch^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\diamondata] =>Hijacker.Diamondata^ [HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.AVGSearch [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>PUP.Babylon [HKLM\Software\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}] =>Toolbar.AVGSearch [HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] =>Toolbar.Ask [HKLM\Software\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}] =>Toolbar.AVGSearch [HKLM\Software\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}] =>Toolbar.AVGSearch 
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}] =>Adware.IMBooster [HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}] =>Toolbar.Ask [HKLM\Software\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}] =>Toolbar.AVGSearch [HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}] =>Toolbar.Ask [HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}] =>Toolbar.Ask [HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}] =>Toolbar.AVGSearch [HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits [HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Toolbar.Ask [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Toolbar.Ask [HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}] =>Toolbar.Ask [HKLM\Software\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}] =>Toolbar.AVGSearch [HKLM\Software\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}] =>Toolbar.AVGSearch [HKLM\Software\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}] =>Toolbar.AVGSearch [HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}] =>Toolbar.Conduit [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.Avira [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.Avira [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}] =>Adware.IMBooster [HKLM\Software\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch [HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch 
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}] =>Adware.PricePeep [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}] =>Adware.PricePeep [HKLM\Software\Classes\AppID\GenericAskToolbar.DLL] =>Toolbar.Ask [HKLM\Software\Classes\AppID\ScriptHelper.EXE] =>Toolbar.AVGSearch [HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search] =>Toolbar.AVGSearch [HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd] =>Toolbar.Ask [HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1] =>Toolbar.Ask [HKLM\Software\Classes\ScriptHelper.ScriptHelperApi] =>Toolbar.AVGSearch [HKLM\Software\Classes\ScriptHelper.ScriptHelperApi.1] =>Toolbar.AVGSearch [HKLM\Software\Classes\ViProtocol.ViProtocolOLE] =>Toolbar.AVGSearch [HKLM\Software\Classes\ViProtocol.ViProtocolOLE.1] =>Toolbar.AVGSearch [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8] =>Toolbar.Ask 
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED] =>Toolbar.Ask [HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch [HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9] =>Adware.MyWebSearch 
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\HssSrv] =>Toolbar.Agent [HKCU\Software\APN] =>Toolbar.Ask [HKLM\Software\APN] =>Toolbar.Ask [HKCU\Software\Ask.com] =>Toolbar.AskBar [HKCU\Software\DataMngr] =>Adware.Bandoo [HKLM\Software\DataMngr] =>Adware.Bandoo [HKCU\Software\DC3_FEXEC] =>Trojan.Fynloski [HKCU\Software\lollipop] =>Adware.Lollipop [HKLM\Software\Iminent] =>Adware.IMBooster [HKCU\Software\Softonic] =>Toolbar.Conduit [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search] =>Toolbar.AVGSearch [HKLM\Software\Classes\Prod.cap] =>PUP.Babylon [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2] =>Toolbar.Ask [HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch [HKCU\Software\Crossrider] =>PUP.CrossRider [HKCU\Software\BI] =>Adware.MegaSearch [HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro [HKLM\Software\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}] =>Toolbar.AVGSearch [HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}] =>Adware.BrowseFox [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{055AF109-DE93-4160-BCFC-7DA70ECAA020}] =>Hijacker.Diamondata [HKLM\Software\Classes\Iminent] =>Adware.IMBooster [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:vProt =>Toolbar.AVGSearch^ [HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{84FF7BD6-B47F-46F8-9130-01B2696B36CB} =>Adware.IMBooster [HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Toolbar.Avira [HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Toolbar.Avira C:\Documents and Settings\Mag\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\delimgmbagokgmjffmedgcafjcakbedp =>PUP.ColorMyFacebook^ C:\Documents and Settings\Mag\Local Settings\Application Data\Google\Chrome\User 
Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde =>Toolbar.DeltaSearch^ C:\Documents and Settings\Mag\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\foikbdpmdilfgdehieajngjldkdclejb =>Toolbar.eBay^ C:\Documents and Settings\Mag\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hendmekoldfacfhlojkjcnbjegkahclb =>Hijacker.Diamondata^ C:\Documents and Settings\Mag\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mmiopbgcekanlhpjkonogoljpfmhpkhf =>Adware.AddLyrics^ C:\Documents and Settings\Mag\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof =>Toolbar.AVGSearch^ C:\Program Files\diamondata =>Hijacker.Diamondata^ C:\Documents and Settings\Mag\Local Settings\Application Data\Lollipop =>Adware.Lollipop^ C:\Documents and Settings\Mag\Local Settings\Application Data\Updater23606 =>PUP.CrossRider^ C:\Program Files\AVG Secure Search =>Toolbar.AVGSearch C:\Program Files\Fichiers communs\AVG Secure Search =>Toolbar.AVGSearch C:\Documents and Settings\All Users\Application Data\AVG Secure Search =>Toolbar.AVGSearch C:\Documents and Settings\All Users\Application Data\InstallMate =>PUP.Tarma C:\Documents and Settings\Mag\Application Data\AVG Secure Search =>Toolbar.AVGSearch C:\Documents and Settings\Mag\Local Settings\Application Data\AVG Secure Search =>Toolbar.AVGSearch C:\Documents and Settings\Mag\Local Settings\Application Data\Bundled software uninstaller =>Adware.MegaSearch C:\Program Files\AVG Secure Search\vprot.exe =>Toolbar.AVGSearch^ C:\Program Files\diamondata\updatediamondata.exe =>Hijacker.Diamondata^ C:\Program Files\diamondata\bin\utildiamondata.exe =>Hijacker.Diamondata^ C:\Program Files\Fichiers communs\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe =>Toolbar.AVGSearch^ C:\Program Files\Fichiers communs\AVG Secure Search\vToolbarUpdater\17.2.0\loggingserver.exe =>Toolbar.AVGSearch^ 
C:\WINDOWS\Tasks\GoforFilesUpdate.job =>P2P.GoforFiles^
[HKCU\Software\BabSolution] =>Hijacker.BabSolution^
[HKCU\Software\Conduit] =>Toolbar.Conduit^
[HKCU\Software\diamondata] =>Hijacker.Diamondata^
[HKLM\Software\Babylon] =>PUP.Babylon^
[HKLM\Software\Conduit] =>Toolbar.Conduit^
[HKLM\Software\Vittalia] =>PUP.Vittalia^
~ Additionnel Scan: 182893 Items scanned in 00mn 27s

---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/32951807-hijacker-diamondata =>Hijacker.Diamondata
~ http://nicolascoolman.webs.com/apps/blog/show/33018550-pup-colormyfacebook =>PUP.ColorMyFacebook
~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
~ http://nicolascoolman.webs.com/apps/blog/show/26601058-adware-addlyrics =>Adware.AddLyrics
~ http://nicolascoolman.webs.com/apps/blog/show/26678994-hijacker-babsolution =>Hijacker.BabSolution
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ http://nicolascoolman.webs.com/apps/blog/show/32240257-trojan-fynloski =>Trojan.Fynloski
~ http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr =>PUP.Datamngr
~ http://nicolascoolman.webs.com/apps/blog/show/26630902-adware-lollipop =>Adware.Lollipop
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
~ http://nicolascoolman.webs.com/apps/blog/show/35115580-pup-vittalia =>PUP.Vittalia
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/30234464-pup-toparcadehits =>PUP.ToparcadeHits
~ http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch
~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
~ http://nicolascoolman.webs.com/apps/blog/show/26919368-adware-megasearch =>Adware.MegaSearch
~ http://nicolascoolman.webs.com/apps/blog/show/28204239-pup-optimizerpro =>PUP.OptimizerPro
~ http://nicolascoolman.webs.com/apps/blog/show/32363262-adware-browsefox =>Adware.BrowseFox
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
~ MSI: 21 link(s) detected in 00mn 28s
~ 1202 Legitimates filtered by white list

End of the scan (724 lines in 05mn 45s)(0)